CVE-2014-3608
OpenStack Nova < 2014.1.3 - Authenticated Denial of Service via VM Rescue State Bypass
Title source: llmDescription
The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows remote authenticated users to bypass the quota limit and cause a denial of service (resource consumption) by putting the VM into the rescue state, suspending it, which puts into an ERROR state, and then deleting the image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2573.
References (5)
Core 5
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1782.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2014-1781.html
Exploit, Third Party Advisory x_refsource_confirm
https://bugs.launchpad.net/nova/+bug/1338830
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2014/q4/65
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/70220
Scores
EPSS
0.0069
EPSS Percentile
72.0%
Details
CWE
CWE-399
Status
published
Products (2)
openstack/nova
2013.2 - 2013.2.4
pypi/nova
0 - 2014.1.3PyPI
Published
Oct 06, 2014
Tracked Since
Feb 18, 2026